!N  CASE  r:= 

EMERGENCY 


aeoiaHtt  m  wmwimv 

8«  xoaod 

»  SmSTHU  VKm  1VN0UVN 
33dS  NOdJSnODV/WISJBS  HV)H«I 

. . . . . 

»£0  u  COO  nn  #9/®/Ti60eTT# 
»nuioi  ^rgax8# 


SUPPORTING  MOBILITY 

WHILE  MANAGING  RISK 


The  new  IT  challenge:  how  to  give  employees  the  mobile  access  they  want, 
while  keeping  corporate  data  secure  and  protected. 


Mebila  d«vic«  ar*  na  langar  a  trend,  they’re  j  life.  Regular  upgrades  to  new  devices  and  unfettered  access 

an  integral  part  of  our  daily  lives.  As  a  to  corporate  data,  the  latest  apps  and  social  media  are  now 

result,  today's  tech-sawy  employees  are  expectations,  not  perks, 

demanding  the  same  fast  and  flexible 

mobility  standards  in  their  work  life  There's  no  doubt  about  it:  An  efficient,  mobile  workforce  is  good 

that  they  experience  in  their  personal  for  business.  However,  it  presents  a  whole  new  set  of  challenges 


ADVtRTIStMtMT  OCTOBER  11. 


ADVERTISEMENT 


prescriptions  via  mobile  devices,  but  was  challenged  by  stringent 
security  and  compliance  regulations.  Verizon  provided  a  customized 
identity  and  access  management  solution  that  helped  the  chain 


VERIZONENTERPRISE.COM/MOBILEWORKFORCE 


verijon 


Step  up.  Scale  out. 


Introducing  IBM  NeXtScale  System. 

The  risiog  demand  for  intelligence  from  increasing  data  volumes,  and  the  need  for  greater  efficiency  in 
the  cloiid.  may  leave  today's  data  centers  inadequate  for  your  requirements.  Introducing  IBM  NeXtScale 
System'-  an  easy-to-deploy,  cost-effective,  hyperscale  computing  platform  that  focuses  on  maximizing 
density,  performance  and  efficiency  for  lower  operating  costs.  Its  simple  and  open  design  integrates 
with  your  existing  infrastructure  and  has  the  capability  to  help  reduce  onboarding  time  by  75%  with 
optional  IBM  Intelligent  Cluster'  ’ 

Powered  by  the  new  Intel®  Xeon*  processor  E5-2600  v2,  IBM  NeXtScale  System  packs  3x  the  cores^ 
versus  previous  generation  1U  rack  servers,  and  up  to  37%  greater  performance^  and  36%  better  energy 
efficiency*  versus  previous  generation  systems.  This  high  performance  system  allows  you  to  obtain 
maximum  value  from  your  data  by  bringing  IBM's  high  performance  computing  experience  to  work  for  you. 


"III!." 

"II 

■ii 


COMPUTERWORLD 


COVER  STORY 


The  Danger  of  Things 
Going  Right 


iliffi 


COMPUTERWORLD 


THIS  ISSUE  I  11.18.2013  [ 


COVER  STORY 

The  Danger  of  Thinp 
Going  Right 

12  When  IT  isn't  coping  with  catastrophic  system  failures  or  working  on  a  major  software  deployment, 
the  CEO  might  wonder  what  the  CIO  does  all  day.  Here's  how  to  make  sure  IT  isn’t  undervalued. 


Mobile's  PeritS  of  the  Brand 

New  Ergonomics  Specialist 

19  Mobile  devices  give  freedom  of  movement  to  22  Hitching  your  wagon  to  a  hot  technology  may 

once-deskbound  office  workers,  but  they  present  lead  to  lucrative  job  opportunities,  but  it  can  be 
ergonomic  challenges  of  their  own.  risky.  Have  you  met  any  dBase  developers  lately? 


HEADS  UP  I  4  Anew 
supercomputer  uses  SSD 
stara«e.  i  Marin  County  wants 
to  ditch  SAP.  I  5  infosyspays 
$34  million  to  settle  visa  fraud 
charges.  I  Apple  plans  to  build 
a  green  factory  in  Arizona. 
NEWS  ANALYSIS 
6  Microsoft's  plans  for  office 


Web  Apps  are  hazy.  I  7  The 
Senate  tries  to  spur  data  center 
consoiidation  at  U.S.  agencies. 
OPiNIONS  I  26  Thornton 
Hay  says  mobile  computing 
has  IT  caught  between  a 
rock  (users  demand  it)  and 
a  hard  place  (security  is 
inadequate).  I  32  ScotFinnie 


has  some  thoughts  on  why 
Apple  made  OS  X  and  its  iWork 
office  suite  free. 

DEPARTMENTS  I  8  The 


GriN:  Rosetta  Stone  CIO  Pradeep 


Marin  County 
Aims  to  Replace 
SAP  ERP  System 

officials  in  California’s  Marin  County 


New  Supercomputer  Uses  SSD  Storage 


Lustre  61e  system  to  help  break  bottlenecks 
and  improve  thror^put 
The  overall  perfonnaiice  o(  Catalyst  is 
nowhere  near  that  of  the  world's  fastest  su- 
percon^iuter,  Tianhe-2,  which  delivers  a  peak 
performance  of  $4-9  petaflops.  But  the  use  of 
SSDs  as  an  ahemative  to  both  volatile  DRAM 
and  hard  drives  sets  the  new  system  apart. 

Even  though  they’re  more  expensive  than 
ocher  storage  options,  SSDs  are  increasingly 
replacing  hard  drives  in  servers 

Th^w^  being  used  as 

With  (aster  SSD  storage,  Catalyst  is  adept  at 
salvingbigdatapcoblems,inateassuchasbio- 

prooessing,  according  to  Lawrence  Livermore. 

-  dgirm  Shah.  IDC  News  Service 


OUTSOURCING 


Infosys  Settles  U.S.  Visa  Scam  Charges 


IN  A  SETTLEMENT  announced  this  nxinth, 
the  U.S.  government  alleges  that  ofibhore 
outsourcing  giant  Infosys  violated  visa 
laws  to  increase  its  profits,  reduce  visa 
expenses  and  avoid  tax  liahilities. 

But  instead  of  pursuing  a  court  case,  the 
U.S.  will  instead  accept  a  $34  million  settle¬ 
ment  payment  from  Infosys. 

That’s  standard  procedure  for  visa  violation 
claims,  but  this  is  the  hugest  settlement  e 


settlement  figure  represents  a  fraction  of  the 
$6.99  billion  in  aota  revenue  generated  by  the 
Bari^lote,  Indiahased  IT  services  provider. 
Irrfosys  denies  arty  wrongdoing. 

patty’s  use  of  the  B-t,  or  businer 

B-i  visas  are  generally  irttertded  for  short¬ 
term  visits  to  the  US.,  such  as  trips  to  attend 
coirfeiettces.  They  ate  relatively  easy  to  get 
artd  aren’t  subject  to  the  caps,  fees  or  wage 
requirements  that  govern  use  of  H-tB  visas. 
Infosys,  which  applies  for  thousands  of 


H-rB  visas  every  year,  "irttlawfully’’  supple¬ 
mented  its  workforce  with  B-t  visa  workers, 
according  to  the  U.S.  complaint,  which  alleged 
that  Ittfirsys  wrote  letters  to  U.S.  oflScials 
with  “fcilse  representations  regardittg  the 
true  purpose"  of  B-t  workers’  activities.  Visa 
applicants  were  also  told  what  to  say  to  avoid 
suspicion,  according  to  the  government. 

“We  will  not  tolerate  actions  that  mislead 
the  Urrited  States  and  circumvent  lawful 

by  a  single  individual  or  one  of  the  largest 
corporations  in  the  world,"  said  John  Bales, 
U.S.  attorney  for  the  Eastern  District  of  Texas, 
whose  office  conducted  the  investigation. 

Infosys  said  its  B-t  visa  use  ’Vas  for  kgiti- 

[designed]  to  circumvent  the  teqitiretnents  of 
the  H-tB  prograttt." 

Ittfosys  no  restricttons  on  its  ability  to 
obtain  future  visas,  birt  it  did  agree  to  improve 


-  Attrick  Thibodeau 


to  invest  at  home. 

The  project  will  create  more  than 
^000 jobs.  Apple  said  in  a  brief 
statement  earlier  this  month.  That 
figure  includes  700  manufactur¬ 
ing  jobs  created  in  the  first  year 
and  1.300  jobs  in  conaruction  and 
other  fields,  according  to  Arizona 


Salt  River  Project,  an  elearic  utility 
in  Arizona,  to  create  “green  energy 
sources'  to  power  the  facility. 


Apple  has  said  it  would  invest 
tlOO  million  this  year  in  domestic 
production  of  Macintosh  systems, 
and  that  it  would  make  one  of  its 
Mac  Ikies  exclusively  ki  the  IJ.S. 

In  May,  the  company  said  it  would 
make  some  Mac  parts  in  Texas. 


NEWS  ANALYSIS 


Office  Web  Apps 
Plan  Still  Unclear 

Miaiosoft’s  latest  inoves  counter  Google’s  gaiiB^ 
but  the  company  has  yet  to  disclose  a  long-term 
plan  for  its  chHid-based  tools.  By  Gr^ 


Office  Web  Apps  are  available  free  of  chaige  or  as  part  of 
Office  365,  the  hosted  software  o&ring  that  Microsoft  has 
been  aggressively  promoting  to  businesses.  Through  OtBce 
365,  Office  Web  Apps  are  linked  to  SharePoint,  Microsoft's 
collaboration  platform  and  central  hub  for  storing,  access¬ 
ing  and  sharing  documents. 

Clearly,  one  of  the  key  reasons  for  the  existence  of 
Microsoft's  cloud-based  suite  is  to  defend  against  customer 
defections  to  Google  Apps  for  Business,  a  $50-per-user-per- 
year  service  that  includes  Docs.  Microsoft  currently  coun¬ 
ters  that  with  two  Web  Apps-based  Office  365  plans,  one 
for  small  businesses  that  costs  $60  per  user  annually,  and 

Beyond  that,  though!  the  Ofiioe  Web  Apps  strategy  is 
a  mystery  to  many  experts.  Is  it  an  eventual  sifostitute  for 
Office  on  the  desktop?  A  loss  leader  aimed  at  consumers?  The 
cross-platform  Office  for  tablets  running  Android  or  iOS? 

Central  to  those  questions  is  the  key  Office  Web  Apps 
dilemma:  Micnrsoft  must  walk  a  fine  line  between  not 
ofiering  enough  functionality  and  offirring  too  much. 

Doing  the  fbmrer  would  negate  its  afelity  to  compete  with 
Google;  the  latto  course  could  prompt  businesses  to  dump 
the  higher-priced  Office  perpetual  licenses  or  revenue- 
generatitig  Office  365  plans  in  fovor  of  Ofiice  Web  Apps. 

Rivals  don't  have  that  problem,  since  their  business 
models  don't  rely  on  software  sales,  but  on  sales  of  advertis¬ 
ing  (Google)  or  devices  (Apple). 

In  the  past,  Microsoft  has  rlone  little  to  promote  Office 
Web  Apps.  Anecdotally,  many  businesses  don't  even  know 
they  exist,  suggesting  that  Microsoft  may  have  been  mote 


MKaosorrhadto 

to  its  free  Office  Web  Apps  St 
move  to  bhmt  the  key  advantage  of  Google  Docs. 

-Real-time  collaboration  is  what  got  Docs 
<m  the  map.  And  Office  didn't  have  it,"  said 
Michael  Silver,  an  analyst  at  Gartner. 

But  even  after  Microsoft  added  the  capability  as  part  of  a  Web 
Apps  upgrade  this  month,  its  long-term  strategy  for  the  browser- 
based  verskxis  of  Word,  Excel  and  BowerPoittt  remains  utKiear. 


Microsoft  officials  have  hinted  that  rhi.  month's  moves 
may  mark  the  launrb  of  a  long-tar^  plan  to  eventually  use 
Of^  Web  Apps  as  a  substitirte  for  Office,  positioning  them 
as  a  cote  ofiering  that  generates  revenue  via  related  sales  of 
other  products,  such  as  server  software  and  services. 

However,  some  experts  say  it's  unrealistic  for  Microsoft 
to  expect  something  free,  like  Office  Web  Apps,  to  produce 
equivalent  revenue  thnx^  secondary  sales  of,  say,  atld-ons 
,.  or  services,  or  that  sirbscriptiotis  to  the  least  expensive 

Office  365  plans  built  anxitid  Office  Web  Apps  could  com¬ 
pensate  for  latgescale  desertions  from  the  pricier  products. 

“Office  Web  Apps  ate  an  imporUnt  piece  longer  term  to  Mi¬ 
crosoft,  but  will  ten  ' 


id  Micro- 


powerful  sales  tool  for  SharePoint,  a  muMbillion-dollar  product 
line.  "It's  SharePoitrt  value  that's  importanC  he  argued.  "They 
have  to  keep  arlding  vaitte  to  SharePoint  to  [keep]  it  relevant.-  » 


a  complement 


will  remain 


bill  —  Miduel  Bennet  (D-Colo.).  Tom  Coburn 
(R-CSda.)  and  Kelly  AyoRe  (R-N.H.)  —  say  the 
legislation  will  add  oversight  and  r^ular  lefwrt- 
ing  to  the  process  to  help  ensure  that  deadlines 
are  met.  The  trio  pointed  to  the  GAO  report  to 
make  the  case  for  legislation. 

The  consolidatioa  bill,  dubbed  the  Federal 
Data  Center  Consolidatioa  Act  of  2013,  was 
advanced  by  the  Senate  Homeland  Security  and 


dation  plans  face  artother  hi^  obstacle;  office 
_  politics.  In  short,  consolidatioo  talk  scares 

Fed  Data  Center  Plan 

1  •  gi  Accorrling  to  the  GAO  report,  other  major 

I  /^■rp  |/-|-|p|r|  1ir|  challet^  to  the  government’s  plan  involve  the 

VjCLiJ  X  I  All  OdldLC  cloud  and  virtualization.  Some  agencies  don’t 

have  the  expertise  to  turn  to  those  technologies. 

Anew  bill  sets ‘hard  deadljnes'forconsolidatingU.S.  or  they  have  trouble  budgeting  for  on-demand, 

governifM>ntdatacentersandcallsfor‘streng^^  “IJlSXrheads  government  market 

oversight’ of  the  effort  By  Patrick  Thibodeau  research  firm  BirchGtoveConsuking,  wonders 

whether  any  legislation  can  help  overcome 

.  suchchallenges.“[IftheObamaadmiiiistra- 

tmn]  couldn't  make  it  work,  bow  is  a  law  going 

FEDERALAGEMCIESarent  meeting  Obaunaadministra-  i  to  make  it  work?”  he  said,  and  questioned  whether  there  is  any 
tion  goals  for  consolidating  data  centers,  so  a  bipartisan  penalty  for  agencies  that  hill  behind. 

U.S.  Senate  bill  that  sets  “bard  deadlines”  is  on  track  Nonetheless,  there  is  evidence  that  some  federal  agencies  are 

foradopcion.  I  starting  to  invest  heavily  in  ckud  computing  as  an  ahemative  to 

In  early  2010,  the  federal  gov-  internal  data  centers,  according  to  market 

enimentsetagoalofclosing40%,ori,253,  researcher  Dehek. 

Ofits3,i33daucentersbytheendof20i5-  The  total  value  of  federal  contracts  for 

a  move  that  vvould  save  $3  billion.  But  it  has  doud  services  grew  from  $27  million  in 

fellen  behind  schedule  by  nearly  300  dau  2009  to  $4  billion  in  2012  to  $17  billioo  in 

centers,  so  the  savings  thus  for  have  been  fiscal  2013  ended  Sept  30,  Deltek  found, 

minimal -$65.3  million,  according  to  a  “Agencies  are  moving  much  more  ag- 

Govemment  Accountability  Office  report  gtessivdy  to  the  doud,”  said  Dehek  anal; 

issued  last  spring.  AlezRossino. 


how  is  a  law  going  to 
make  it  work? 


The  three  primary  sponsors  the  Senate 


There  will  be  a  slowdown  in  cloud 


qiending  over  the  next  two  years  because 
!>f  sequestration,  Rossino  said,  but  spend¬ 
ing  will  accelerate  quiddy  after  that.  • 


Reduce  human-error  downtime,  too! 

>  Get  guidance  in  our  free  white  paper  and 
enter  to  win  a  Google  Nexus  10  tablet! 


ATTENTION  CRC:  e257u 
132  FAIRGROUNDS  RD 
P.0.B0X278 

WEST  KINGSTON  Rl  02892-9920 


. . . . . 


The  foundation  of  business  network  uptime. 


APC  by  Schneider  Electric  Smart-UPS  units 
protect  24/7/365  network  availability. 

Safeguarding  critical  networking  switches  and  routers 
Your  business  depends  on  your  business  network.  Protecting  that  network, 
therefore,  is  more  critical  than  ever.  Known  for  their  reliability  for  over  25 
years,  APC”  by  Schneider  Electric  Smart-UPS”  uninterTuptible  power 
supplies  eliminate  costly  downtime  by  providing  reliable,  network-grade 
power  over  a  wide  range  of  utility  conditions.  They  keep  employees 
connected  to  business-critical  applications  whether  th^  ate  in  house,  at  a 
co-location  facility,  or  in  the  doud. 

A  Smart-UPS  model  for  every  need 

Whatever  your  fT  needs  and  configuration,  we  have  the  right  Smart-UPS 
model.  The  family  offers  multiple  form  factors  (tower,  rack  optimized,  and 
lack/tower  convertible)  to  deliver  flexibility  for  any  enyfronment.  And  you 
can  scale  runtime  to  business  requirements.  In  addition,  you  can  proactively 
manage  the  network  closet  remotely  and  optimize  energy  use  thrtxjgh  a 
patentgd  "grfeen  mode"  on  many  models.  Deployment  is  easy  with  optionai 
Schneider  Electric  installation  seniices.  Smart-UPS  backup  units:  the 
intelligent  choice  for  your  business  netwoikl 


v3pc£om/promoKeyCode:e2S7u  Call;888-28»-APCCx6572 


THE  GRILL |  PRADEEP  MANNAKKARA 


We  had  a  structure  that  was  called  Build  or  Run,  and 


ee  what  you’d  expect  in 
a  technology-driven  oiganization;  [Eleinents  such  as] 
a  data  center  services  function,  a  Web  engineer  func¬ 
tion.  Our  corporate  systems  function  was  spread  out, 
so  we  separated  our  B1  and  enterprise  archhect  func¬ 
tions.  Then  we  said,  “Who  is  each  of  your  customers?” 

the  trust  and  saw  wins,  we  started  moving  one  after 
another,  pushing  the  next  wave,  which  was  into  doud. 


tan  whM  yvn  irrlwdr  A  lot  of  homegrown  and  early 
looos  technology.  The  beauty  was  we  were  having  to 
leapfrog,  which  worked  out  well.  We  moved  to  cloud 
in  much  more  spaces  than  we  wrxdd  have  if  we  were 
on  other,  newer  technokigy.  In  this  last  12  months, 
we’ve  made  a  very  rapid  move  to  cloud. 


WI1HclmiliBrtliiiHWlmm««  trade  so  tar? 

We  did  the  Saledbrce  server  cloud  in  April  of  last 
year.  We  imved  away  from  Microsoft  Outlook  for 
email  and  went  to  Google  for  email  as  well  as  app 


There  are  reasons  to  stay  with  on-premises  solutions. 
I’d  say,  however,  that  a  lot  of  those  are  fost  disappear¬ 
ing.  If  I  can  get  it  done  with  the  proper  security  faster 
and  cheaper  with  cloud,  Td  go  for  cloud  because  it 
has  the  vdue  I  look  for.  How  much  value  I  provide  to 
my  organization  is  based  on  how  fast  I  can  deliver.  If 
I’m  doing  this  on-premises  and  have  to  have  a  differ¬ 
ent  set  of  resources  to  suppcat  it,  but  it’s  not  adding 
the  same  value,  then  my  organization  doesn’t  win. 

The  other  part  of  this,  when  you  look  at  technology, 

it,  and  then  you  figure  there  will  be  something  better. 
So  Ihi  making  things  modular  enough  so  I  can  swap 
out  components.  Arid  you  can  do  that  easier  with 
the  ckxid,  because  with  SaaS  you  don’t  have  all  that 
hardware  and  software  on  the  books.  Tve  changed 
about  80%  of  my  technology  stack  in  the  past  two 
years,  and  a  lot  of  this  has  moved  to  the  cloud.  But  Tve 
also  brought  some  on-premises.  For  example,  we  use 
Magento  for  our  e-corrunerce.  We  elected  not  to  move 
this  to  the  cloud  at  this  time  because  it’s  so  central,  it 
touches  so  many  systems.  But  at  some  point,  would  we 
consider  moving  to  the  doud?  Absolut^. 


U  We  moved  to  doud  in  much  more  spaces  than  we  would  have 
if  we  were  on  other,  newer  technol^.  In  this  last  12  months, 
we’ve  made  a  very  rapid  move  to  cloud. 


storage.  We’ve  looked  at  other  ways  of  obtaining  cost 
efficiencies  as  well  as  driving  more  capabilities  as  we 
rolled  out  a  slew  of  doud-based  technologies.  We  also 
looked  at  Dropbox  and  Box  and  other  [file-sharing] 
services.  We  were  finding  out  [workers  in]  remote 
locations  as  well  as  rxir  marketing  folks  were  setting 
up  private  Dropbox  files  to  share  material,  and  our 
engineering  team  was  doing  this,  too.  ’This  could  be 
corporate  [intellectual  property],  and  this  is  happen¬ 
ing  in  companies  all  over  the  place,  so  we  said,  “We 
need  a  corporate  sohjtion.'  Now  we’re  pushing  Box  as 
a  standard,  it’s  less  to  manage  and  it’s  all  in  the  cloud, 
and  they  can  work  from  anywhere. 

And  we  wem  with  Oku;  it’s  a  cloud-based  single 
sign-oo  prmrider.  Password  resets  were  one  of  the 
biggest  ticket  items  on  our  help  desk,  and  with  Oku 
they’ve  dropped  down  to  nothing.  We  also  rolled  out 
Concur  for  our  employees  who  have  to  do  expense 

out  Xactly,  which  is  buih  on  the  Salesfirrce  platform. 

Mat  d*  VM  iMk  Itr  hi  M*  tadHNla^M?  If  things 
aren’t  simple,  you’re  not  going  to  have  people  using 
them.  User  interface  is  so  important. 


What  h  yaw  MohI  IT  praiKt  iww?  Were  (kxng 
things  around  dau  and  reportir^,  and  there  are  some 
exciting  initiatives  there.  As  for  challenges,  one  that 
we've  had  is  with  the  muhitude  of  videoconferencing 
systems  out  there.  There’s  Polycom  in  the  confereixe 
trwms,  people  are  using  FaceTutK  and  Skype  and 
Google  Hai^out.  We  just  signed  with  Blue  leans. 
They’re  in  the  cloud  as  well.  They  allow  you  to  do 
hi^vdefinition  autlio  and  videoconforencing. 

Haa  do  yaa  blip  laid  traMfbnaatlon?  It’s  really 
being  part  of  that  cote  team,  beir^  part  of  defining 
where  we  go  as  a  culture.  You  can  say,  “I  want  to 
change  it."  but  your  actions  dicute  what  happens. 

I  try  to  listen  and  understand  but  also  drive  us  to 
where  I  think  we  need  to  be.  There  are  disci|Jines  I 
use,  but  a  lot  of  it  comes  down  to  listening  and  com¬ 
municating  aixl  driving  some  of  there  utKomfirruble 
conversations  we  sometimes  need  to  have,  challeng¬ 
ing  ourselves  about  what  really  needs  to  happen  to 
help  us  have  better  outcomes. 

—  Interview  by  Computerworld  contribulirtg  writer 
Mary  K,  Pratt  (marykpnitt@verizon.neO 


The 

Software- Defined 
Data  Center. 

The  IT  innovation 
that’s  built  to  lead 
your  business  into 
the  future. 


VMware’s  Software-Defined  Data  Center  is  enabling  businesses  to 
embrace  IT-as-a-Service.  Now  you  can  take  the  investments  you’ve 
made  in  technology  and  reach  new  transformational  levels  of  agility 
and  efficiency.  From  extending  your  data  center  to  a  hybrid  cloud, 
to  delivering  secure  workforce  mobility,  to  providing  one  unified  and 
automated  management  system,  VMware  is  driving  the  next  generation 
of  IT.  Helping  your  business  innovate  now.  And  well  into  the  future. 

vmware.com/vmwarestory 


vmware 


COVER  STORY 


TDAIKER 

WOF  THINGS  GOING 

RKHr 


If  there’s  no  crisis  or  big  project  to  work  on, 
CEOs  may  wonder  what  IT  does  all  day.  Here’s 
how  to  make  sure  your  contributions  don’t  fade 
into  the  background,  by  minda  zetlin 


OBERT  HANDLER,  an  analyst  at  Gartner,  will  never  forget  one  of  his 
earliest  consulting  jobs.  “I  was  asked  to  gather  enough  data  on  a  CIO 
to  fire  him,"  he  recalls.  Handler  dutifully  began  researching  the  OO’s 
current  and  past  activities  but  could  find  no  obvious  missteps.  In  foct, 
the  man  in  question  was  the  best  aO  he’d  ever  met 

Eventually,  he  returned  to  the  CFO  who  had  given  him  the  assign¬ 
ment  to  ask  why  the  CIO  was  to  be  fired.  The  CFO  answered,  “He’s 
spending  a  lot  of  money,  and  everything  seems  to  be  working  just 
fine,”  Handler  recalls.  “And  I  thou^t  ‘I  don't  ever  warrt  to  be  a  CIO!” 


13 


COVER  STORY 


Muiiiiler  )w(l  I'rxotinkfrtI  iUH'of  ihe|>aradi»U‘sot  the  IT  world: 

'  lud  ihiiiUN.  iikt*  tmt  lost  data  or  iK'twork  Incachts.  "On  a 
!>oodd.iv  in  II.  nobod\  kmms  vonri*  tlioff."  s,iv>  |ik*  McLitighlin. 
vuf  pii*sKk‘iit  III  AAA  WrskTn  and  Ciulral  .Now  York,  a  Bnffalo- 
KiM'd  noiTor-|m>Ht  that  pros  kk*s  cnH’rgt'iKA  roiidsklc  assist jikv 
and  tiilK'r  soiMtiw  to  its  K80.000  iik’HiIkts. 

l\wrv.  Inh  iIka  think  y<m're  updating  your  kaiolKxtk  pruHIcs  while 
wailing  lof  retjiiests  lor  In’lp.  Like  the  CFO  wlx»  HamllereiHtMin- 
leti’d.  thes  inav  assuiiK*  that  if  iIkw  doii'i  see  ik'vv  teilinology 
being tk‘|)lo\t‘d  or  major  proldems  bi*ing  repaireiL  there's  nothing 
mixh  going  oti.  Bui  in  reality,  a  gixxl  IT  person  will,  for  example, 

■  Iv  t  onstanih  kxiking  at  resourxi‘s  in  find  out  abiKit  zero-day 
atiat  ks  aiKl  imIkt  thuMis.  '  sa\s  Mike  N’ilak'.  CTO  at  TalkPoint,  a 


Wi>biasi  lAenispt'r  year.  "If  ihiTe  is  a  threai.  the  provider  w  ill 
put  «Mii  a  pati  h  quK'kl>.  But  tlu^n  I  h.ive  to  find  out.  if  I  install  ihe 

know  .ibiHit  tlx*  biiH  king  and  taekling  that  goes  on  I'very  day." 

ifk'n  tlk*\  run  in  pt*rpefual  moiion  Irom  that  point  forward  with 
iMi  t  are  and  feeding  invoKx'd.  '  adds  Chris  Brady.  CIO  at  Next- 

w  fxise  75  btaiK'lies  serve  9.000  dealerships. 

I  hat  misciimx*ptiun  is  easy  to  uiKlerstand.  Corpir 


I  set  tliein  up  and  they  keep  running  w  ith  little  or  ikj  inierwn- 

lalh  downkiad.  It's  hard  to  argue  with  the  logic  that  servers 
costing  $$u.ocx>  or  nxtre  should  have  at  least  tlie  same  capabili- 


CMsily  in  the  i  ll 

"A  kit  of  IT  tiMins  for  the  past  10  yvars  have  been  supporting 
Mkorsidt  products."  Vitale  says.  "Then  —  boom!  —  cAernight 

Ptfipk’  are  getl  ing  rid  of  Blac  kBerrii^  and  want  to  use*  Android  ch* 
iOS  ckwkes.  It  sounds  t*asy  to  tlH‘m.  but  it's  not.  I  hey  just  expect 
It  to  work,  aiici  it  it  doesn’t,  there’s  a  goixl  deal  of  anger." 

IrxJeed.  IT  often  gix*s  unapprc'ciated  unless  and  until  something 
fails  to  work  as  expec  ted,  "i'se  seen  a  Ua  of  companies  w  here  busi¬ 
ness  units  can  «Aerrule  IT.”  Vitale  says.  Tliat  pliilosophy  hokls.  he 
sa\s.  unk>ssan  impirtant  kth  funciKinfails.'Thcm  they're  waiting 
f«v  the  IT  mam  to  swcx}|)  in  aixl  save  the*  day.  It’s  tlx*  mcAt  thank¬ 
less  |i>b  ill  tie  wxjrld  right  up  until  sc«iK‘ihingg(X's  w  rong." 

*>r  allow  It  to  fail  so  as  to  gain  the  recognition  that  conns  with 

badh  w  ill  tKii  be*  bc’tK'ficial  to  your  di^partmc 
your  career.  Ai  *  ‘ 

top  executives,  even  when  things  are  running  snHxMhly. 

Let  Them  Know  What  You’re  Doing 

“Then*  is  thiscmicepiion  that  if  I  nu^irKentralingon  BYOIXall  the 
old  stuff  like  server  patching  and  firewall  amfiguration  can  take  a 

new  shiny  progxts  do."  say  s  |<x*l  [>ilisy.  CTO  (and  top  IT  executivx-) 
at  Sc4arWinds.  an  .Austin  ha.sLxf  miwork  managemetu  cxxiipam 


There's  this  misconception  that 
you  stand  up  your  servers  and  then 
they  run  In  perpetual  motion  from 
that  point  forward  with  no  care  and 
feeding  involved. 


prcAide  regular  updates  on  wrhat  IT  has  accomplished.  For  example, 
lie  says.  "I  have  a  meeting  with  my  CEO  today  to  talk  about  the  latest 
things  we’ve  achk*ved  in  Web  development,  and  that  people  are  not 


“Executives  are  sensitive  to  money  and  to  the  total  head  count 
devoted  to  the  IT  department.  Providing  that  information  on  a 
rc'gular  basis  is  primordial,  because  otherw  ise  people  think  the 
money  is  going  into  a  black  hole.”  Dolisy  says. 

That's  not  a  good  situation.  "There*^  clear  danger  that  if  IT 


and  presiding  transparency  into  day-to-day  operations,  a  lot  of 
mundane  tasks  will  be  trivialized.”  Dolisy  says.  “At  that  point, 
it's  difficult  to  deal  with.  The  only  thing  that  comes  from  the  rest 
m  is  pressure  to  downsize  the  budget  and 


projects.  That’s  a  recipe  for  disaster.” 

And  Vitale  wonders.  "Henv  many  jt^  have  been  outsourced 
just  because  tfie  IT  team  did  a  pcxir  job  of  explaining  what  they' 
dfi  on  a  daily  basis?” 


COVER  STORY 


Handin  had  encountered  one  of  the  paradoxes  of  the  IT  world; 
Technological  achievements  often  result  in  things  nor  happening 
—  bad  things,  like  outages,  lost  daU  or  network  breaches.  “On  a 
good  day  in  IT,  nobody  knows  you're  there,"  says  Joe  McLaughlin, 
vice  president  of  AAA  Western  and  Central  New  York,  a  Buffalo- 
based  not-for-profit  that  provides  emeigency  roadside  assistance 
and  other  services  to  its  8Bo,(X>o  members. 

Worse,  top  executives  may  know  that  you  and  your  staff  are 
there,  but  they  think  you're  updating  your  Facebook  profiles  while 
waiting  for  retjuests  for  help.  Like  the  CFO  who  Handler  encoun¬ 
tered,  they  may  assume  that  if  they  don't  see  new  technology 
being  deployed  or  major  problems  being  repaired,  there's  nothing 
much  going  on.  But  in  reality,  a  good  IT  person  will,  for  example, 
“be  constantly  looking  at  resources  to  find  out  about  zero-day 
attacks  and  other  threats.*  says  Mike  Vitale,  CTO  at  TalkPoint,  a 

webcast  events  per  year.  “If  there  is  a  threat,  the  provider  will 
put  out  a  patch  quickly.  But  then  I  have  to  fitrd  out,  if  I  install  the 
patch,  will  it  stop  part  of  the  website  from  working?  People  don't 
know  about  the  blocking  and  tackling  that  goes  on  every  day." 

“There's  this  misconceptioo  that  you  stand  up  your  servers  and 
then  they  tun  in  perpetual  motion  from  that  point  forward  with 
no  cate  attd  foeditrg  involved,"  adds  Chris  Br^,  CIO  at  Next- 

whose  7$  farattches  serve  9,000  dealerships. 

That  miscoitception  is  easy  to  understattd.  Corporate  execu¬ 


tives  may  thitrk  enterprise  IT  systems  are  like  home  computers; 
You  set  them  up  and  they  keep  turmirrg  with  little  or  no  interven 
tion  as  long  as  security  updates  and  patches  are  set  to  automati¬ 
cally  dovraload.  h's  hard  to  argue  with  the  logic  that  servers 
costing  $50,000  or  more  should  have  at  least  the  same  capabili- 


m- 


^  .  CD  ^ 


COVER  STORY 


Keep  It  Short  and  Sweet  1 

While  many  CIOs  agree  that  it's  essential  to  let  upper  manage¬ 
ment  know  about  IT’s  activities  and  accomplishments,  they  warn 
that  the  task  must  be  handled  carefully  because  of  the  many 
competing  demands  on  top  executives'  attention,  and  the  danger 
that  they  won't  fully  listen  to  a  presentation  about  technology 
operations,  much  less  read  a  report  about  it. 

For  McLai^lin,  the  solution  is  to  give  the  CEO  a  written 
report  —  but  a  brief  one.  “It’s  very  simple  and  executive-level, 

and  it's  one  page,"  he  says.  “Basically,  the  question  is:  Are  we 

move  on  to  something  else.  System  availability  was  99.89%.  Do 
we  cate  about  the  o.ii%?  Ma^  not.” 

Brady  tries  to  casually  mention  to  the  CEO  whenever  her  team 
comfdetes  a  substantial  project.  Let's  say  they’ve  just  updated 
the  company's  mail  servers  to  the  latest  version  of  Microsoft 
Exchange.  “No  one's  goii^  to  see  anythii^  other  than  that  the 
mail  server  has  changed,”  she  says.  “But  that’s  a  pretty  b^  project 
for  the  infrastructure  team.  So  if  you  take  your  high-level  project 
plan  and  explain  why  you’re  doing  it  and  the  effort  involved, 
they’ll  see  that  there’s  a  substantial  project  your  team  is  doing.” 

Use  the  Mght  Measurements 

If  you  warn  top  executives  to  value  ITs  efibrts,  it’s  importartt  to 
communicate  those  efforts  in  terms  business  executives  cate  about. 

That  means  learning  which  metrics  those  executives  are  watching 
“For  our  CFO,  an  important  metric  is  EBITDA,”  says  Kevin 
Broadway,  CIO  of  MetroPCS,  a  wireless  carrier  acquired  by 
T-Mobile  in  2012  for  $1.5  bUlion.  (EBITDA,  an  acronym  for  earn¬ 
ings  before  interest,  taxes,  depreciation  and  armrtixation,  is  a 
metric  cortumnly  used  by  companies  with  large  debt  obligations 
or  expensive  assets  that  depreciate  over  time.  It  measures  how 
profnaUe  their  operations  ate,  irrespective  of  financing  and  tax 
issues.)  “IT  contributes  to  EBITDA  one  way  or  arxitber,”  Broad¬ 
way  says.  “As  we  invest  over  time  and  our  expenditures  change, 
we  make  it  worse  when  we’re  spending  money.  So  if  we  twist  the 
metric  to  invest  mote  in  IT,  in  theory  you  should  see  a  positive 
effect  on  EBITDA  over  time.”  1 

How  does  this  differ  from  return  on  investment,  or  ROI,  a 
much  mote  commonly  used  measure  in  IT  departments  every¬ 
where?  It  doesn’t,  or  not  very  much.  In  both  cases,  the  key  chal¬ 
lenge  for  IT  and  ffnance  is  to  go  back  and  measure  the  economic 
effects  of  a  project  after  it’s  completed  and  has  been  in  place  for 
awhile.  Bioadwayaddsooeextrastepbyfigurii^  out  how  those 

eff^  accrue  to  MetroPCS’s  general  profitability.  “The  one-to- 

one  relationship  isn’t  necessarily  there,”  he  conctdes.  “But  it's 

another  way  to  look  at  IT’s  contribution  at  a  macro  level.” 

In  foct,  Chris  Curran,  principal  and  chief  technologist  at  PwC, 
says  that  you  should  alert  the  CEO  to  ITs  accomplishments  only 
when  there’s  a  specific  benefit  the  CEO  would  value.  “It  will  seem 
interesting  to  the  business  only  if  you  can,  say,  demonstrate  that  in¬ 
tegration  after  a  merger  saved  20%  of  operating  expenses,”  he  says. 

When  Bad  Things  Don't  Happen 

Explaining  business  value  to  CFOs  and  CEOs  gets  more  chal- 
lerigii^  when  that  value  is  the  reduced  or  eliminated  risk  of  a  ’ 

business-impacting  technology  failure.  But  it’s  important  to  make 
the  effort.  “The  onus  is  on  the  CIO  to  translate  those  risks  you’ve 
identified  and  make  a  compelliog  case  as  to  what  the  risk  is  to 


whatever  the  benefit  you're  trying  to  convey,  Vitak  advises 
seeking  professional  help  in  getting  your  message  across.  “You 
can  leverage  your  existing  assets  internally."  he  says.  “The 
corporate  communications  group  within  an  organization  is  vet 
powerful,  and  I  would  encourage  IT  leaders  to  be  very  familiar 
with  the  people  in  it,"  he  says.  “They  usually  handle  internal  as 
well  as  external  communications,  and  they're  only  a  step  away 


mmends  submitting  regular  “pseudo  news  releases"  to  the 

ities.  “Any  mature  organization  has  a  number  of  ways  to  d 
ite  this  information  internally,  including  intranet  sites  and 
email  blasts,"  he  says.  “If  your  company  uses  social  intran 
vare  such  as  Jive,  Salesfbrce  Company  Communities,  Podk 


Meeting  Higher  Expectations 

While  it's  important  to  highlight  the  value  of  infrastructure 
maintenance  and  keep.tbe-ligbts.on  projects  that  prevent  bad 
things  from  happening,  today's  CIOs  must  also  recognize  that 
the  rules  of  the  game  have  changed.  The  great  QO  that  Handler 
was  asked  to  help  fire  because  everything  was  working  fine? 
That  was  the  story  circa  1994,"  he  says.  “In  2000,  about  70%  of 
IT  organizations  were  viewed  as  a  necessary  evil.  Today,  only  7% 
ate  seen  that  way,  and  90%  of  senior  non-IT  leaders  view  IT  as 

Unfortunately,  not  all  technology  leaders  see  themselves  as 
change  agents,  he  says.  “Some  CIOs  think  if  they  can  do  project 
delivery  well  they  should  be  heralded.  CEOs  think,  'No,  that's 
your  job.'  Being  able  to  deliver  projects  is  ubie  stakes." 

IT  being  taken  for  granted  is  “a  very  common  problem," 
Curran  says.  “I  think  it  comes  from  a  lack  of  recognition  of  the 
two  potential  roles  for  IT.  One  is  an  internal-feeing  role  about 

ing  transactions.  The  seci^  is  a  market-feeing  role  to  create  new 
value  around  products  and  services." 

Not  understandir^  that  second  role  gets  IT  organizations  in 
trouble,  he  says.  There's  a  lot  of  confusion  about  trries  and  re¬ 
sponsibilities,  and  partnering  aettKS  business  functions  is  harder. 
But  it's  bow  IT  can  bring  potential  value  to  the  busitKSS." 

The  most  successful  CIOs  understand  both  roles,  and  initiate 
customer^acing  projects.  “My  team  knows  the  business.  We  are  not 
order^akers,"  Brady  says.  “We  create  new  ideas  and  let  the  business 
know  what  weVe  come  up  with.  We  say, 'We  think  it  will  make  a  dif¬ 
ference,  what  do  you  thirik?' We  don't  wait  for  them  to  come  to  us." 

That  approach  made  a  huge  diSerenoe  to  NextGear's  fortunes 


alwraysbepartof 
-whether  it's 


when  the  economic  downturn  hit  in  2008.  IT  had  recently 
launched  predictive  analytics  for  its  loan  portfolio,  and  the 
analysis  turned  up  a  troubling  trend:  Car  dealers  who  borrowed 
from  the  company  were  keeping  inventory  in  their  lots  longer  attd 
paying  back  loans  more  slowly  than  they  had  in  the  past  After 
discovering  that  NextGear  determined  that  it  could  help  keep 
its  borrowers  in  busitress  (and  payit^  their  loans)  by  encouraging 
them  to  sell  hard-tomove  cars  at  auction  and  avoid  being  over¬ 
stocked.  “We  were  able  to  spot  warning  trends  six  months  earlier 
than  our  competitors,"  Bra^  says. 

It  all  goes  along  with  the  philosophy  of  continuous  improve¬ 
ment  she  adds,  “just  because  a  process  is  working  well  doesn't 
mean  you  should  be  happy  with  K." 

Besides,  Broadway  notes,  if  you  content  yourself  with  keeping 
things  running  smoothly,  you  risk  taking  yourself  out  of  the  top 
management  loop.  Tou're  not  actively  applying  your  acumen  to 
the  business  problems  of  the  day,  so  you're  not  part  of  the  conver¬ 
sation,"  he  says.  “And  you  should  always  be  part  of  the  conversa¬ 
tion  —  whether  it's  about  IT  or  not"  ♦ 

ZttHn  is  a  technology  writer  and  co-nuthor  (^Tbe  CeH:  Gap:  Why 
Business  and  Technology  Professionals  Don't  Understand  Each 
Other  and  Why  They  N^  Each  Other  to  Survive.  Contact  her  at 


17 


COVER  STORY 


THE  BRIEF  LIFE 
PMO 

HAT'S  THE  AVERAGE  LIFE  SPAN  of  a 
project  management  office  or  leadership 
role?  In  many  companies,  it's  two  years, 
accordingto  Robert  Handler,  an  analyst 
at  Gartner,  which  does  regular  surveys 

"We  noticed  a  pattern.”  he  says.  "A 
project  blows  up.  and  someone  in  the 
company  says,  'it  can't  happen  again  - 
how  about  a  PMO?'  So  the  PMO  is  up  and  running,  and  for  the 
first  year  everything  is  great.”  Eventually.  Handler  says,  the 
PMO  manager  gets  bored  and  starts  adding  other  functions 
such  as  IT  governance,  asking  project  owners  to  report  on  a 
regular  basis,  which  merely  has  the  effect  of  annoying  them. 
No  more  projects  blow  up.  but  many  are  slightly  late  and/or 
over  budget  as  is  common  throughout  the  IT  world.  “So  the 
PMO  gets  blamed  and  then  disbanded.”  Handler  says. 

That  might  be  the  wrong  move,  though,  because  the  PMO 
was  serving  a  real  function.  Statistically,  he  says,  about  1 
project  in  6  will  go  horribly  wrong  -  hugely  over  deadline  or 
over  budget  or  both,  or  is  not  completed  or  adopted.  If  that 
didn't  happen  while  the  project  management  office  or  over¬ 
sight  person  was  in  place,  it's  because  the  PMO  was  doing  an 
effective  job. 

"Somebody  has  to  do  that  work."  says  Joel  Dolisy.  CTO  at 
SolarWinds.  "Someone  has  to  work  with  stakeholders  and 
define  their  requirements."  Unfortunately,  he  says.  "People 
treat  the  PMO  like  it's  a  black  box  and  they  want  magic  from 
It.  Because  they  don't  want  any  of  their  own  business  proc¬ 
esses  to  be  affected." 

So  how  do  you  keep  a  PMO  alive  past  that  dreaded  two- 
year  mark?  Begin  by  limiting  its  activities  to  what's  needed 
to  keep  projects  on  track.  "We  have  a  director  of  project 
management  rather  than  a  whole  office."  says  Joe  McLaugh¬ 
lin.  vice  president  of  IT  at  aaa  Western  and  Central  New 
York.  "A  PMO  IS  generally  full  of  bureaucracy  and  needless 
Microsoft  Project  reports.” 

McLaughlin  reduced  the  complexity  at  AAA's  PMO.  and 
vastly  simplified  the  requirement  document  to  one  that's 
written  in  plain  English  and  is  easily  understood.  Once  it's 
filled  out.  he  says.  “We  don't  ask  them  to  review  require¬ 
ments.  Instead,  the  director  of  project  management  sends 
back  a  one-page  scoping  document  that  basically  says.  'This 
IS  what  we  think  you  want  to  do  -  is  that  correct?'” 

In  general,  he  adds,  "we  try  to  be  a  tot  more  user-friendly, 
we've  eliminated  most  of  the  weekly  reporting  meetings, 
and  try  to  only  focus  on  meetings  that  actually  produce 
work,  you  read  these  articles  that  say.  You  have  to  do  this, 
this  and  this.'  well,  you  don't.  You  have  to  do  what  works.” 


Keep  It  Short  and  Sweet 

While  nuny  CIO.  dgrei- 1  hat  it's  ess, 


iai  to  let  upjler  manage- 

ineiit  know  about  i  I  .s  activities  anti  accomplishments,  tlye>'  warn 
that  tfie  task  must  be  handled  cart'fully  because  of  the  many 
tT)mpt‘ting  demands  t>n  lop  executives'  attention,  and  the  danger 
that  the)  won't  fully  li.sten  to  a  pa*sentation  alxxit  technology 
operations,  much  less  read  a  report  about  it. 

For  McLaughlin,  the  solution  is  to  gKe  the  CEO  a  written 
report  —  but  a  brief  tme.  "It  s  very  simple  and  executive-level, 
and  it's  one  page,"  he  says.  "Basically,  the  question  is:  Arc  we 
winning  or  losing?  if  we're  winning,  maybe  the  executivecan 
nMive  on  to  something  else.  System  availability  was  99.89%.  Do 
we  care  about  the  o.ii%?  Maybe  not." 

completes  a  substantial  project.  Let's  say  they’ve  just  updated 
the  company's  mail  servers  to  the  latest  version  of  Microsoft 
Exchange.  "No  one’s  going  to  see  anything  other  than  that  the 
mail  sers'er  has  changed."  she  says.  “But  that’s  a  pretty  big  project 
for  the  infrastructure  team.  So  if  )xhj  take  your  high-le\'el  project 
plan  and  explain  why  )-ou’rc  doing  it  and  ilie  effort  inv«3lved. 
tite)  '!]  see  that  there’s  a  substantial  project  your  team  is  doing." 

Use  the  Right  Measurements 

If  )0U  w  ant  top  executives  to  value  IT’s  ^orts,  h’s  important  to 

That  means  learning  which  metrics  those  executives  are  watching. 

"For  our  CFO.  an  important  metric  is  EBITDA,"  says  Kevin 
Broadway.  CIO  of  MetroPCS,  a  w  ireless  carrier  acquired  by 


T-Mobile  in  2012  for  $1.5  billion.  (EBITDA,  ai 
ings  before  interest,  taxes,  depreciation  and  amortizaticMi,  is  a 
metric  cx)mmonly  used  b)  companies  with  large  debt  obligations 
or  expensive  assets  that  depreciate  over  time.  It  measures  how 
profitable  their  operations  are.  irrespective  of  financing  and  tax 
issues.)  "IT  contributes  to  EBITDA  one  way  or  another.”  Bmad- 
W’O)'  says.  "As  we  invest  over  time  and  our  expenditures  change, 
we  make  it  worse  when  we're  spending  mone)’.  So  if  we  twist  the 
metric  to  invest  more  in  IT.  in  theor)-  you  should  see  a  positive 
effect  on  EBITDA  over  time." 

How  does  this  differ  from  return  on  investment,  or  ROL  a 
much  more  commonly  used  measure  in  IT  departments  every- 

lenge  for  IT  and  finance  is  to  go  back  and  measure  the  economic 
effects  of  a  project  after  it  's  completed  and  has  been  in  place  for 
a  while.  Broadway  adds  one  extra  step  b\'  figuring  out  how  those 
effects  accrue  to  MetroPCS’s  general  profitability.  “The  one-to- 
one  relationship  isn't  necessarily  there."  he  concedes.  "But  it’s 
another  way  to  look  at  ITs  contribution  at  a  macro  level.  " 

In  fact.  Chris  Curran,  (principal  and  chief  technologist  at  PwC, 
says  that  wmj  shcHild  alert  the  CEO  to  I'Ts  accomplifiiments  only 
when  there's  a  specific  benefit  the  CEO  would  value.  “It  will  seem 
interesting  to  the  business  only  if  y-ou  can.  say.  demonstrate  that  in¬ 
tegration  after  a  mcigcr  saved  26%  of  operating  expenses."  he  says. 

When  Bad  Thinp  Don’t  Happen 

Explaining  business  value  to  CFOs  and  CEOs  ge(s  more  chal¬ 
lenging  when  thal  value  is  the  reduced  or  eliminated  risk  of  a 

the  effort.  "The  onus  is  on  the  CIO  to  translate  those  risks  )’ouve 
identified  and  make  a  compelling  case  as  to  w-hat  the  risk  is  to 


Meeting  Higher  Expectations 

While  it's  important  to  highlight  the  value  of  infrastructure 
maintenance  and  keep-the-lights-on  projects  that  prevent  bad 
things  from  happening,  today’s  CIOs  must  also  recognize  that 
the  rules  of  the  game  have  changed.  The  great  CIO  that  Handler 
was  asked  to  h^p  fire  because  everything  was  working  fine? 
“That  was  the  story  circa  1994.”  he  says.  “In  2000,  about  70%  of 
IT  oiganizations  were  >iewed  as  a  necessary  evil.  Today,  only  7% 
are  seen  that  way,  and  90%  of  senior  non-IT  leaders  view  IT  as 
important  to  the  business.  People  expect  you  to  deliver  change.” 


You  should  always  be  part  of 
the  conversation  -  whether  it’s 
about  IT  or  not 

KEVm  BROADWAY,  CIO.  METR0PC5  BRANDS 

when  the  economic  downturn  hit  in  2008.  IT  had  recently 
launched  predictive  analytics  for  its  loan  portfolio,  aiKl  the 
analysis  turned  up  a  troubling  trend;  Car  dealers  who  borrowed 


Connect. 

Share. 

Give. 

Take. 

Solve. 

Save. 

Smile. 


Unifying  business  communications 
for  the  new  way  to  work. 

unify.com 


un-py 


Mobile’s  New 


Ergonomic 


Today’s  devices 
give  you  freedom 
to  move,  but  they 
have  limitations  of 
their  own. 


CONSUMERIZATION  OF  IT 


Meanwhile,  the  upsurge  of  mobile  devices  would  seem  to 
oSer  a  way  to  alleviate  the  problem  —  but  it  turns  out  that  such 
devices  come  with  ergonomic  challenges  rrf  their  own. 

'For  decades,  ergonomics  was  billed  as  a  way  to  get  people 
to  stay  at  their  desks  longer  and  rtHwe  productively,"  says  Dr. 
lames  Levine,  director  of  obesity  sohitions  at  the  Mayo  Oinic  in 
Rochester,  N.Y.,  and  Phoenix.  “Over  the  past  six  t>r  seven  years, 
we  have  realiaed  the  consequences  of  people  sitting  too  long,  and 


Specihcally,  he  lists  (in  no  particular  order)  low  productivity, 
back  problems,  obesity,  hypertension,  hyperlipidemia  (elevated 
levels  of  lipkls  in  the  bkxxl),  carrliovascular  diseases,  rleep  vein 
thrombosis  and  diabetes,  as  well  as  mental  sluggishness,  apathy, 
listlessness,  mild  depression  and  perhaps  even  clinical  depression. 

“We  need  to  reverse  the  process  of  40  years  and  get  people  out 
of  their  chairs  and  off  their  bottoms." 

Levine  says.  “Office  productivity  and 
school  grades  improve  as  people  get 
mobile,  as  they  get  up  and  move.  They 
will  tdl  you  that  they  feel  brighter  and 
sharper.  They  will  say,  much  as  I  hate 
the  term,  T  M  more  alive.'  About  10 
years  ago,  I  had  senior  scientiffccol- 


about  this,  saying  I  was  wrong,  but  no 
there  is  international  recognition  that 
sedentariness  is  killing  people." 


aid  chemical  melatonin,  making  it  harder  to  go  to  sleep. 

Using  an  iPad  at  full  brightness  for  two  hours  is  enough  to 
trigger  melatonin  suppression,  she  has  found.  (She  also  studied 
the  effects  of  watching  TV  and  using  computers  with  CRT 
screens  but  didn't  find  any  suppression  —  presumably  because 
TVs  and  computer  monitors  aren't  as  bright  as  tablet  screens  and 
people  don’t  get  as  close  to  them  as  they  do  to  tablets.) 

Extensive  typing  on  a  tablet  opens  another  can  of  worms. 
“We've  done  a  lot  of  work  on  this,"  Hedge  says,  noting  that  the 
most  noticeable  challenge  is  that  people  have  to  slow  down  when 
typing  on  touchscreen  keyboards  because  they  don't  provide  the 
resistance  and  tactile  feedback  of  regular  keyboards. 

Second,  users'  fingers  “tetul  to  get  sore,  since  there  is  no  give 
on  that  surface,"  he  says.  “It’s  like  drumming  your  fingers  on  your 
desk  all  day.  For  the  convenieiKe  of  technology,  we  have  moved 
people  away  from  typing  and  back  to 


Your  Tablet  Has  a  Downside 

Oddly  enough,  no  one  is  saying  that 
mobile  devices  hold  the  answer  with 
their  potential  for  personal  mobiiity. 

Perhaps  this  is  because  mobile  gad^ 
introduce  new  ergonomic  problems. 

Tablets,  for  insUnce,  might  at  first 
glance  seem  to  free  people  from  their 
desks,  but  in  fact  people  tend  to  place 
them  flat  on  their  desks  and  read  them 
as  ifthey  were  books,  says  Alan  Hedge, 
director  of  the  Human  Factors  and 
Ergonomics  Laboratory  at  Cornell  Uni¬ 
versity  in  Ithaca,  N.Y.  With  a  book,  he 
notes,  people  will  occasionally  change 
posture  as  they  turn  the  page,  but  with  tablets  they  can  remain 
inmehed  for  long  periods. 

“Leaning  forward  doubles  the  compressive  forces  on  the 
vertebrae  in  your  lower  back  compared  to  leaning  back."  explains 
Hedge.  “When  leaning  back  20  degrees  in  a  lounge  chair,  you  are 
really  relaxing  and  halving  the  compression.  That  is  why  we  say 
'sH  back  and  relax,’  not  'hunch  forward  and  relax.'" 

One  resuh  of  hunching  is  a  syndrome  called  iPad  Neck  — 
chronic  soreness  of  the  back  of  the  neck  and  iq>per  shoulders. 
Hedge  recommends  propping  up  the  tablet  or  putting  it  on  a 
holder  so  you  can  keep  your  neck  straight  while  you  read. 

Overuse  of  tablets  may  also  interfere  with  getting  a  good 
night's  sleep,  says  Mariana  Figueiro,  director  of  the  Li^t  and 
Heahh  program  of  the  Lighting  Research  Center,  part  of  Rens¬ 
selaer  Polytechnic  Institute  in  Ttoy,  N.Y.  Exposure  to  bri^  light 
in  the  evening  will  suppress  the  b^’s  production  of  the  sleep- 

20  NOVEUeCP  U.  20.3 


There  is  a  foundation 
of  activity  that  we  need 
to  do  throughout  the 
day  to  stay  healthy.  This 
is  the  kind  of  activity 
that  our  parents  and 
grandparents  used  to 
get  throughout  the  dayy 
but  gadgets  have  taken  it 
away  from  us. 


ducing  iheir  productivity.  It's  ludicrous." 

Haptic  interfaces,  which  are 
designed  to  provide  tactile  feedback 
from  flat  screens,  might  help  —  even¬ 
tually.  But  the  technologies  are  still 
being  developed  and  are  not  yet  widely 
deployed  on  mobile  devices. 

Laptops,  meanwhile,  are  non- 
ergonomk  by  nature,  since  there's  no 
way  to  adjust  the  distance  between  the 
keyboard  and  screen.  It’s  all  but  impos¬ 
sible  to  situate  yourself  in  an  eigonomi- 
cally  acceptable  manner  while  working 
on  a  laptop.  Hedge  says,  because  “your 
hands  want  to  be  close  to  your  chest, 
but  your  eyes  want  to  be  focused  on 
something  two  feet  in  front  of  you." 

As  for  smartphones,  people’s  use  of 
their  thumbs  fix  texting  has  led  to 
an  upsurge  of  a  conditkai  called 
de  Quervain  syndrome,  which  is  more 
commonly  known  as  BlackBerry 
Thumb,  Text  Thumb  and  Ninterxlo 
Thumb,  among  other  things. 

“BlackBerry  Thumb  is  really  tendi¬ 
nitis  at  the  base  of  the  thumb,  caused 
I  growing  trend,"  says  Linda  Weitzel, 
senior  ergonomist  at  Xerox.  Using  other  text  input  tools,  such  as 
predictive  spelling  and  speech  recognition,  could  help,  she  adds. 

Hedge  notes  that  a  aoo6  Virgin  Mobile  survey  of  British  users 
found  that  reports  of  sore  thumbs  or  wrists  had  increased  38% 
in  a  span  of  five  years.  More  recent  research  has  yielded  similar 
findings. 

Stand  Up  for  Frequent  Breaks 

If  mobile  devices  aren’t  the  answer,  neither  is  a  gym  member¬ 
ship,  since  exercise  outside  the  office  doesn’t  undo  the  unnatural 
effects  of  sitting  fixedly  at  a  desk  for  hours,  says  loan  Vemikos, 
former  director  of  NASA’s  Life  Sciences  Division. 

“There  is  a  foundation  of  activity  that  we  need  to  do  through¬ 
out  the  day  to  stay  healthy,"  she  says.  “This  is  the  kind  of  activity 
that  our  parents  and  grandparents  used  to  get  throughout  the 


by  rapid  texting,  and  it’s 


that  involves  looking  off  into  the  disunce,  she  adds. 


“The  signal  to  stand  up  does  something  to  the  body  that  tunes 
it,  controlling  the  blood  pressure  and  circulation,'  says  Vemikos. 
“Every  ao  to  30  minutes  you  need  to  stand  up.  Mote  often  is  6ne, 
but  doing  it  20  times  at  once  and  saying  you  are  done  is  not  suf¬ 
ficient;  you  must  do  it  throughout  the  day." 

Taking  that  advice  to  another  level,  Weitzel  says  she  uses  a 
sUnding  desk  and  has  recommended  that  option  to  hundreds  of 
Xetor  employees.  “Most  say  pretty  quickly  that  it  does  help  their 
back.  Out  of  all  those  people,  1  only  know  one  that  went  back  to 
sittir^  Maybe  it  was  high  heels,”  she  surmises. 

Weitzel  is  quick  to  arid  that  it's  better  to  alternate  between 
sitting  and  sUnding,  saying  that  ^  tries  to  help  employees 
recognize  the  signs  of  btigue.  “I  educate  them  on  how  their  body 
should  feel  and  [tell  them]  not  to  push  it  beyond  a  certain  point, 
since  starxling  all  the  time  can  create  as  many  issues  as  sitting." 

Another  cause  of  sluggishness  could  be  streaming  down  bom 
overhead:  fixed,  unchanging  artificial  lighting,  especially  in  the 
absence  of  windows. 

Figueiro  has  dcme  studies  ft>r  the  U.S.  Navy  concerning  the  use 
of  light  to  enhance  crew  alertness  on  submarines.  She  found  that, 
left  to  itself,  your  body  will  drift  into  a  24.z-hour  schedule,  which 
would  result  in  your  sleeping  hours  eventually  overlapping  your 
office  hours.  To  reset  your  body  to  the  24-hour  day,  you  need  to 
expose  yourself  to  sunli^t,  but  in  winter  people  often  commute 
in  darkness.  In  the  absence  of  sunlight,  exposure  to  bluish  light  • 
will  serve,  she  says. 

“Exposii^  yourself  to  sunlight  can  be  a  kick  like  a  cup  of 
coffee,”  F^ueiro  adds.  Bluish  cubicle  lighting  is  also  available, 

but,  whatever  the  source,  the  light  has  to  reach  your  retinas  — 

you  have  to  see  the  source,  directly  or  reflected,  she  explains. 


The  Search  for  Relief 

Unlike  the  posture-centric  prescriptions  of  the  old  c^Sce  ergo¬ 
nomics  (see  story  below),  the  new  playbook  is  mote  art  than 
science,  especia%  since  it's  constantly  evolving  to  address  new 
tecbrxdogies.  In  other  words,  there  is  no  ot>e  r^ht  answer. 

“Sitting  should  be  a  posture  of  choice,  not  the  posture  of  obli¬ 
gation,"  says  Levine.  “1  am  not  saying  to  stop  working  and  go  Cor 
a  walk,  I  am  saying  you  should  do  the  same  amount  of  work  but 
do  it  while  in  motion." 

If  you  want  to  do  more  than  a  stand  up  now  and  then,  Levine 
recommends  a  treadmill  desk.  But  there  are  also  sim|der  options, 
like  walking  while  talldr^  on  the  phone.  You  could  schedule  walks 
to  coincide  with  calls  and  color-oode  them  green  in  your  calendar 
app.  Then  you  can  see  at  a  glance  bow  “green"  your  schedule  is. 

“Take  the  stairs.  Go  to  the  water  fountain.  If  you  would  get  in 
trouble  hr  going  to  the  water  fountain,  keep  a  water  bottle  across 
the  room,"  not  at  your  desk,  says  Vernikos.  “Yc»  have  to  change 
your  habits,  [and]  when  you  do,  you  have  more  energy." 

Finally,  experts  agree  that  office  workers  need  to  accept  a  basic 
premise  that,  for  many,  apparently  flies  in  the  face  of  their  work 
ethic:  You're  supposed  to  be  comfortable  at  work. 

“The  first  principle  is  to  be  comfortable,'  Hedge  says.  “Have  a 
neutral  posture.  If  there  is  any  sign  of  discomfort,  change  what 

you  are  doir^  straightaway.  Do  not  think  that  if  you  are  at  work  it 

is  supposed  to  hurt." 

If  it  does  hurt,  Weitzel  says,  “we  have  to  figure  out  something 
diflerent.”  * 

Wood  is  a  fnxiana:  writer  in  San  Antonio. 


Some  OM  Rules  Still  Apply  :r; 


-0 


with  tt.  "You  have  to  have  a  specialization  if  you  want 
to  stick  it  out  in  the  technolo^  world,”  says  Moore, 
who  currently  serves  as  SAP  technical  lea^  a  contract 
position,  at  Tyler,  Texas4>ased  Brookshire  Grocery 
Co.  “A  generalist  is  going  to  have  a  hard  tiine  unless 
thdr  path  is  toward  management.  If  you're  not  very 
speciBc,  you're  not  going  to  get  the  best  situations." 

So  far,  the  approach  has  worked.  By  keeping  an 
eye  on  trending  technologies  and  investing  in  his 
own  training,  Moore  has  enjoyed  a  successful  career 
as  a  contractor,  finding  the  opportunities  to  be  both 
plentiful  and  profitable.  He  says  be  has  moved  horn 
l35-per-bour  gigs  as  a  NetWare  networking  and  data¬ 
base  consultant  to  engagements  in  which  be  can  earn 
$120  per  hour  or  more  as  an  SAP  ^redalist.  “When¬ 
ever  there's  a  pause  because  of  a  soft  market,  1  look 
around  and  try  something  new,”  be  says.  “I  try  to  get 
my  fingers  on  as  wide  a  range  of  products  as  1  can." 

Moore  and  countless  other  IT  professkmals  who 
hitch  their  wagons  to  hot  technolDgy  stars  are  able  to 
thrive  by  carvii^  out  niches  as  proven  experts  in  the 
latest  “it”  tools.  They  do  especially  well  when  a  given 
prodwrt  is  very  popular  and  the  people  who  know 
how  to  use  it  are  in  short  supply  —  think  Hadoop 
developers  or  Salesfi>tce.com  architects. 

Yet  despite  upsides  such  as  steady  work  and  ample 
paychecks,  there  are  some  inherent  risks  to  that  strate¬ 
gy,  particularly  for  people  seeking  full-time  jobs  rather 
t^  contract  g^  and  for  IT  professionals  v^'d 
ultimately  like  to  pursue  carets  in  management 

In  addition,  given  the  general  shift  anuing  employ- 
ers  toward  an  emphasis  on  hiring  IT  professionals 
with  a  strong  unrferstanding  of  busing  rather  than 
specific  technical  skills,  etn{doyment  experts  warn 
that  brand  specialists  could  find  themselves  painted 
into  a  comer  if  they  don't  balance  their  domain  skills 
with  strategic  business  knowler^e. 

"If  you  br^  yourself  as  a  spedalist  in  a  specific 
technology  and  that's  all  you  know,  you'll  only  address 
that  business  need  from  the  perspective  of  that  tech¬ 
nology,  which  isn't  always  the  ri^  answer,"  says  John 
Reed,  senior  executive  director  at  Robert  Half  Technol¬ 
ogy,  an  IT  staffing  firm.  “It's  really  mote  about  the 
skills  you  bring  to  the  table.  What's  secondary  is  the 
toob  you  would  use  to  solve  the  business  problem.” 

Keeping  an  Eye  on  the  Trends 

Another  risk  of  pursuing  a  career  as  a  specialist  in  the 
fickle,  fast-moving  world  of  high-tech  is  that  what's 
considered  hot  today  can  become  stone  cold  tomor¬ 
row.  “You  certainly  run  the  risk  of  the  technology 
becoming  obsolete,"  says  Marshall  Oldham,  director 
of  recruiting  at  TEKsystems,  an  IT  staffing,  talent 
management  and  services  provider. 

“People  need  to  be  smart  about  bow  and  when 
they  hitch  their  wagon  to  one  of  these  brands," 
Oldham  says.  “People  who  do  are  typically  pretty 
savvy  and  pay  attention  to  industry  trends,  so  th^ 
can  proactively  seek  out  skills  for  the  next  boom." 


Oldham  advises  would-be  brand  specialists  to 
do  thorough  and  ongoing  reconnaissance  on  the 
technology  landscape  to  ensure  they  al^  with  the 
brands  and  vendors  that  have  staying  power  thanks 
to  the  right  mix  of  financial  backing  and  market  en¬ 
trenchment  —  for  example,  Salesforcexom,  a  relative 
newcomer,  and  SAP,  which  has  been  an  enterprise  IT 
mainstay  for  almost  two  decades. 

Reed  advises  IT  specialists  to  develop  general  skills 
and  disunce  themselves  from  individual  braixls 
when  seeking  new  opportunities,  unless  the/te 
pursuing  specific  |ot»  that  emphasize  a  particular 
technology.  So,  for  example,  a  SharePoint  special¬ 
ist  should  highlight  collaboration  tool  skills  on  his 
resume  while  someone  who  has  a  VMware  job  title 
should  position  himself  as  a  virtualization  expert. 

“Talk  more  about  yotu  functicmal  expertise  and 
hi^ight  the  tool  you  have  experience  with,"  Reed 
says.  “Don't  position  yourself  exclusively  with  that 
technology  because  you  can  get  pigermholed." 


People  need  to  be  smart  about 
how  and  when  they  hitch  their  wagon 
to  one  of  these  brands. 

MARSHALL  OLDHAM,  DIRECTOR  OF  RECRUITING.  TEKSYSTEMS 


To  avoid  being  left  on  the  sidelines  with  outdated 
expertise,  technologists  must  keep  abreast  of  industry 
trends  by  reading  trade  journals  and  attending  con¬ 
ferences,  and  they  should  iiwest  in  ongoing  profes¬ 
sional  development  and  training,  Reed  says. 

Moore,  the  SAP  expert,  is  a  good  case  in  poinL  He 
ponied  If  $7,000  of  his  own  money  for  a  month's  worth 
of  SAP  training  and  ABAP  ceitificuian  when  he  first 
started  out  And  several  years  ago,  he  doled  out  another 
$20,ooo-plusanabusinessintelligenceoertification  — 
for  SAP's  Business  Informatian  Warehouse  —  from  one 
of  SAP’s  training  centers.  “I  went  that  directiao  because 
it  was  kind  of  a  hot  area,  and  I  was  concerned  that 
ABAP  was  nmtring  its  course,”  he  explains. 

Moore  acknowledges  that  training  is  expensive  and 
sometimes  hard  to  accommodate,  especially  when 
you'realteady  working  full  time.  “Typically,  you  cant 
take  a  month  off  for  training,”  he  observes.  Moreover, 
he  adds,  “if  you  dooT  use  what  you  learned,  it  disfpears 
pretty  quickly."  He  also  says  it's  difficult  to  figure  out 
when  the  tide  is  turning  on  your  chosen  IT  specialty. 

For  now,  Moore  remains  committed  to  SAP  despite 
the  feet  that  competitor  Salesfbtce.com’s  star  is  risit^ 
“It  would  be  a  whole  new  world  firr  me  to  move  over  to 
Salesfotcecom.  I'd  have  to  start  at  the  begitming,"  he 


23 


IT  CAREERS 


says.  That's  iM  my  preference.  There  will  be  jobs  in 
SAP  for  many  more  years,  but  they  may  become  more 
difiicuh  |to  End]  and  probably  at  lower  rates." 


RMinK  a  Brand  Into  the  Sunset 

justin  Burmeister,  who  in  the  late  ’90s  also  made  a 
career  switch  to  SAP,  from  various  roles  involving 
Microsoft's  Windows  NT.  says  it‘s  possible  to  pick 
up  new  skills  on  the  fob.  In  1998,  when  he  was  in  a 
Windows  NT  help  desk  support  role,  he  had  an  op- 

employer  brot^ht  in  to  implement  an  SAP  system. 
"My  company  chose  to  train  me  on  SAP  so  I  could 
support  the  systems,”  says  Burmeister.  who  is  cur¬ 
rently  assocu^  director  of  SAP  infrastructure  at 
Cheshire,  Conn.-based  Alexkxi  Pharmaceuticals. 

After  a  six-week  knowledge  transfer  session.  Bur- 
roeister  embarked  on  years  of  continuous  learnii^ 
in  which  he  regularly  tackled  new  prefects  and  was 
called  upon  to  troubleshoot  thousands  of  problems  as 


Even  if  [a  technok^l  is 
considered  oMp  you  can  still  wring 
more  career  value  out  of  it 

JOStPN  MOaCAN,  OATAPOWER  ADMINISTRATOR 


an  SAP  Basis  specialist  —  a  role  he  says  was  similar 
to  his  Windows  NT  jobs  in  that  it  focused  on  root- 
cause  analysis  and  tuning  server  performance. 

Burmeister  is  aware  that  his  d^  SAP  expertise 
puts  him  at  risk  if  SAP's  standing  in  the  market 
erodes,  but  he  says  he's  not  overly  concerned.  "Com¬ 
panies  have  eight-,  nine-,  even  lo-Egure  investments 
in  SAP  projects,  so  they  are  pretty  much  married  to 
the  teduiology,-  be  says.  'At  this  point,  Tm  in  pretty 
deep  because  it's  all  I'm  qualified  to  do,  but  I  think  I'd 
get  another  to  to  15  years  out  of  it  even  if  the  technol¬ 
ogy  does  change." 


Business  SkHls  Still  in  Demand 

Nick  Brattoli  was  recently  promoted  in  part  because 
of  his  conoentiation  on  Microsoft’s  SharePoint  col- 
laboratioa  software,  but  he  doesn't  see  that  particular 
domain  expertise  as  a  principal  driver  for  career 
growth  over  time.  Brattoli,  whose  background  is  in 
network  engiiieering,  recently  changed  titles  —  from 
Sharelfoint  implementation  engineer  to  SbaiePoint 
aichitect  —  at  Medseek,  a  Birmingham,  Ala.-based 
provider  of  patient  engagement  software.  Yet  he's 
focusing  on  developing  business-related  skills  with  an 
eye  toward  puisuing  a  career  in  IT  management. 


Brattoli  says  Medseek  values  his  SharePoint 
credentials,  ^t  what  really  appealed  to  the  company 
was  his  prior  experience  in  healthcare  IT.."’niey  lik^ 
my  technical  background,  but  they  liked  more  that  I 
could  do  the  business  side  of  things,"  he  says.  “Being 
good  at  SharePoint  means  I  know  a  bunch  of  things 
—  bow  databases  and  Web  pages  work,  and  a  lot  of 
encompassing  technologies.  But  it’s  the  'architect’ 
part  of  my  title  that’s  more  important."  Now  Brattoli 
is  making  a  point  to  focus  on  the  problems  the  busi¬ 
ness  is  trying  to  solve  so  his  skills  translate  when  the 


High  Demand -k  Low  Supply  s  Top  Dollar 

Some  specialists  argue  that  if  they  choose  the  right 
product,  there’s  no  need  to  worry  about  latching  on 
to  the  next  great  technology,  because  their  skills  will 
remain  matketabfe  long  af^  the  heyday  of  the  brand. 

That  was  Joseph  Morgan’s  strategy  for  quite  a 
while.  The  31-year  IT  veteran  was  able  to  work  fi>r 
years  doing  PowerBuilder  development  long  after  the 
Microsoft/Sybase  environment  IM  its  luster  in  the 
late  1990s.  “Even  if  something  is  considered  old,  you 
can  still  wring  more  career  value  out  of  tt  because 
there  are  companies  invested  in  the  technology  who 
need  assistance,"  be  says.  “You  just  need  to  do  the 
legwork  to  find  the  opportunities." 

Morgan  eventually  moved  on  fiom  PowerBuilder 
andsettledinwhhanewspedalty  —  IBM'sDataPOw- 
er  integration  appliance.  He  was  introduced  to  it  in  the 
mid-20oos  while  working  at  a  company  that  encour¬ 
aged  him  to  get  trained  and  certifi^  in  DataPower.  He 
was  initially  reluctant,  but  he  quickly  recognized  the 
product’s  staying  power,  given  its  emphasis  on  security, 
networking  and  application  devefopment 

With  a  new  specialty  under  his  belt,  Moigan  has 

lies"  and  a  variety  of  other  perks,  such  as  reimburse¬ 
ment  for  relocation  expenses. 

Because  DataPower  specialists  are  in  short  supply, 

-  he  has  been  able  to  parlay  hisdomain  expertise  into  a 
unique  working  situation:  He's  currently  in  a  full-time 
DauPower  rofe  at  Nelsmart,  a  provider  of  electronic 
medical  records  technology,  but  also  makes  himself 
available  as  needed  to  the  Department  of  Veterans 
A&iis  as  a  contract  DataPower  administrator. 

There  are  so  few  people  that  actually  either  want 
to  stay  with  [DataPower]  or  want  to  do  it  that  it  leaves 
high  demand  and  low  supply  for  this  particular  skill 
set,"  he  says.  “That’s  real  go^  for  a  career  if  it’s  some¬ 
thing  you  want  to  connect  yourself  to." 

But  even  from  his  current  perch  in  the  catbiid  seat, 
Mqigan  advises  his  IT  colleagues  to  expand  their  skill 
sets.  "Have  as  many  skills  as  you  possibly  can,  whether 
it's  database  technology,  old  technology  or  the  latest 
hot  technology,"  he  says.  “That  way,  when  one  thing  is 
not  popilar,  you  can  do  something  else."  • 

StadqNl*,  a /fequent  ComputerworM  ront^^ 
reported  on  businen  and  technolqgy  Jbr  more  dun  20  years. 


24 


Trouble 

Ticket 


No  policy,  no  matter  how  well  crafted,  is  immune  from 
periodic  review.  Fall  Is  when  our  manager  tackles  that. 

h^b-piofile  poliqr  for  user  passvvonls 
that  covers  things  like  ootnplexity  and 
chatige  foequency.  But  we  have  several 
other  passvvofd  policies  that  were  little 
noticed  because  they  were  buried  in  other 
IT  documents.  I’ve  pulled  them  out,  rewrit¬ 
ten  them  with  an  e^  toward  consistency 
and  consolidated  them  all  in  a  sin^  policy 
Next,  I  needed  to  address  policies  that 
relate  to  our  ezpartsive  emhrace  of  doud 
computittg.  Good-sized  chunks  of  our 
inhastructure  and  applications  ate  now 
hosted,  and  the  prevailing  thought  is  that 
tobeapprrrvedbyour  once  they  were  removed 

policy  board  (comprising 

counsel  and  the  CIO).  It’s 
just  too  hard  to  get  all  of 


VERT  FAIL,  I  conduct  a  policy 
review.  I  think  it’s  agood  idea 
to  have  this  on  nty  calendar, 
because  no  policy,  no  matter 
bow  well  crafted,  is  meant  to 
New  standards  arise  and 
1  modihed,  making  some  poli- 
it.Ora  . 


old  00 


audit  or  stane  business  reality  that  was 
previously  unacknowledged  emerges  to 
demonstrate  how  a  policy  falls  short. 

I  wouldn’t  make  much  progress  with 
this  exercise  if  everv  oolicv  tweak  had 


have  no  policy  allowing  him  to  do  sa  I 
can  help  with  thatU  modified  the  firewall 
policy  so  that  the  admin  must  disable  any 
rule  that  hasn’t  been  triggered  in  30  days 
and  then  delete  the  rule  after  90  ^ys. 

Acceiitable  Use  Rules 

Thekingofallourpoliciesisonaocept- 
aUe  use,  since  it  must  be  attested  to 
by  every  employee  each  year.  Like  any 
policy,  it’s  not  perfect,  so  it  was  due  ^ 
some  tweaks  as  well.  For  example,  since 
that  policy  was  last  modified,  employees 
have  begun  using  remote-access  software 
to  tap  into  the  PC  they  left  at  work  from 
their  homes,  or  anywhere  else.  I  have 
now  explicitly  restricted  the  use  of  such 
software,  which  already  violated  our 

tion  and  two-factor  authentication. 

Of  course,  sometimes  a  tweak  isn’t 
enoi^i.  I  did  have  to  create  a  new  policy. 
This  need  arose  from  a  lecemacquisi- 


them  in  the  same  room 
at  the  same  time.  When  I  first  came  to 
this  company,  I  needed  the  pdky  board 
to  approve  my  initial  polides.  I  had  to 
bait  a  conference  room  with  pizza  to  get 
everyone  together.  So  we  made  a  deal 
I  can  make  irKremental  modifications 
without  the  board’s  input.  I  make  needed 
changes,  forward  the  new  wonting  to  the 
board  and  then  wait  for  their  reactions. 
Usually,  I  don’t  hear  a  peep. 

Tm  working  on  several  modifications 
this  fall  First  up  is  passwords.  We  have  a 


applications  still  fece  the 
public  and  serve  our  customers.  With  that 
thought  guiding  me,  I  modified  the  DMZ 
pdicy  to  make  it  dear  that  any  resource 
sitting  between  the  public  Internet  and 
our  trusted  production  network  must  be 
protected  by  a  firewall  and  other  network 
security  devices,  regardless  of  where  that 
resource  physically  lives. 

Speaking  of  firewalls,  I  recently 
conducted  a  cutsmy  audit  of  our  firewall 
rules  using  a  tool  called  FrreMon,  uncov¬ 
ering  several  that  aren’t  utilized.  Ite  all 


tion,  in  which  we  assumed  some  30  dedi¬ 
cated  point-to-point  VPN  connections. 
We’ve  never  allowed  such  things,  but 
they  seemed  the  best  way  to  allow  newly 
acquired  offibore  workers  to  access  code 
bases  and  other  R&D  sections  on  our 
internal  network.  The  acquired  company 
also  had  no  policy,  standards  or  guide- 

what  I  called  a  ’’partner  coiinectivity 
poUcy,”  specifying  rules  for  them.  With 
an  entirely  new  policy  in  hand,  I  guess 
I’d  better  order  pizza.  • 

This  week’s  journal  is  written  1^  a  red 


Ul  MKMJidn't  make  imich  progi^  if  every  twna^ 
had  to  be  approved  by  our  policy  board. 


25 


journal 


It’s  Policy-Tweaking  Time 


Every  fall,  I  conduct  a  policy 
review.  I  think  it  s  a  good  idea 
to  have  this  on  my  calendar. 


last  for  all  time.  New  standards  arise  and 
old  ones  are  modified,  making  some  poli¬ 
cies  deficient.  Or  a  security  incident,  an 
audit  or  some  business  reality  that  was 
previously  unacknowledged  emerges  to 
demonstrate  how  a  policy  falls  short. 

I  wouldn’t  make  much  (Hogress  vidth 
this  exercise  if  every  policy  tweak  had 
to  be  approved  by  our 
policy  board  (comprising 
human  resources,  legal 
counsel  and  the  CIO).  It’s 
just  too  hard  to  get  all  of 
them  in  the  same  room 
at  the  same  time.  When  I  first  came  to 
this  company,  I  needed  the  policy  board 
to  approve  my  initial  policies.  1  had  to 
bait  a  conference  room  with  pizza  to  get 
ewryone  together.  So  we  made  a  deal. 

without  the  board’s  input.  1  make  needed 
changes,  forward  the  new  wording  to  the 
board  and  then  wait  for  their  reactions. 
Usually.  I  don’t  hear  a  peep. 

I'm  working  on  sevmal  modifications 
this  fall.  First  up  is  passwords.  We  have  a 


fairly  hi^^profile  policy  (or  user  passwords 
that  covers  things  like  complexity  atid 
change  fiequerxy.  But  we  have  several 
other  password  policies  that  were  little 
noticed  because  they  were  buried  in  other 
IT  documents.  I’ve  pulled  thnn  out,  rewnt- 
ten  them  with  an  eye  toward  consistency 
and  consolidated  them  all  in  a  single  policy. 

Next,  I  needed  to  address  policies  that 
relate  to  our  expansive  embrace  6f  cloud 
computing.  Good-sized  chunks  of  our 
infrastructure  and  af^ications  are  now 
hosted,  and  the  prevailing  thou^t  is  that 
once  they  wwe  removed 
from  our  premises, 

to  our  DMZ  policy.  But 
the  infrastructure  aixl 
applications  still  face  the 
public  and  serve  our  customers.  With  that 
thought  guiding  me,  I  modified  the  DMZ 
policy  to  make  it  clear  that  any  resource 
sitting  between  the  public  Internet  aixl 
our  trusted  production  network  must  be 
protected  by  a  firewall  and  other  netwcxk 
security  devices,  regardless  of  where  that 
resource  physically  lives. 

Speaking  of  firewalls,  I  recently 
conducted  a  curscHy  audit  of  our  firewall 
rules  using  a  tool  called  FireMon,  uncov¬ 
ering  several  that  aren't  utilized.  I’m  all 


Trouble 

Ticket 


for  Kcurity  and  even  more,  redundant, 
security,  but  security  measures  that  serve 
no  real  purpose  don't  help.  So  I  asked  our 
Rrewall  admin  why  he  didn’t  remove  the 
unused  firewall  rules.  His  answer;  We 
have  no  policy  allowing  him  to  do  so.  1 
can  help  with  that!  I  modified  the  firewall 
policy  so  that  the  admin  must  disable  any 
rule  that  hasn't  been  triggered  in  30  days 
and  then  delete  the  rule  after  90  days. 

Acceptable  Use  Rules 

The  king  of  all  our  policies  is  on  accept¬ 
able  use.  since  it  must  be  attested  to 
by  every  employee  each  year.  Like  any 
policy,  it's  not  perfect,  so  it  was  due  for 
some  tweaks  as  well.  For  example,  since 
that  policy  was  last  modified,  employees 
have  begun  using  remote-access  software 
to  tap  into  the  PC  they  left  at  work  from 
their  homes,  or  anywhere  else.  1  have 
now  explicitly  restricted  the  use  of  such 
software,  which  already  violated  our 
remote-access  requirements  for  encryp¬ 
tion  and  two-factor  authentication. 

enough.  1  did  have  to  create  a  new  policy. 
This  need  arose  from  a  recent  acquisi¬ 
tion,  in  which  we  assumed  some  30  dedi¬ 
cated  point-to-point  VPN  connections. 
We’ve  never  allowed  such  things,  but 
they  seemed  the  best  way  to  allow  newly 
acquired  offshore  workers  to  access  code 
bases  and  other  R&D  sections  on  our 
internal  network.  The  acquired  company 
also  bad  no  policy,  standards  or  guide¬ 
lines  for  such  connections,  so  1  created 
what  I  called  a  “partner  connectivity 
policy,”  specifying  rules  for  them.  With 
an  entirely  new  policy  in  hand,  I  guess 
I’d  better  order  pizza.  • 

This  iveefc’s  /oumol  is  ivrirten  by  a  real 


I  wouldn't  make  much  progress  if  every  tweak 
had  to  be  approved  by  our  policy  board. 


-  OPINION 

THORNTON  A.  MAY 

Between  Mobility's 
Rock  and  Hard  Place 


rrandtlie 
tjusnessmust 
OBatehi^ 
value  mobile 
opabities 
at  the  pace 
of  business 
opportunity. 


author  o(  rfte  Mew  Know; 
mnwation  Powered  by 
Ani/ytks  and  executive 


A  HIGH-POTENTIAL  MILLENNIAL  told  the  CIO  at  a  big-name  phar¬ 
maceutical  company  during  her  exit  interview  that  she  found  the 
work  enviromnent  toxic.  Her  mciin  complaint  was  that  the  enter¬ 
prise  did  not  allow  use  of  the  modem  consumer  technologies  and 


appiicatiofis  that  she  perceives  as  comprising  her 
personal  and  proCessinial  identity.  This  is  mobility  s 
rode  People  want  the  interbce,  the  ease  of  use,  the 
“cool"  betor,  the  freedom  and  the  functionality  of 
consumer  technology  in  the  workplace. 

Recently,  about  too  CIOs  sat  mesmerized  as 
two  dearecut,  well-groomed  and  impressively  ar¬ 
ticulate  young  men  demonstrated  an  exploit  that 
breached  two  smartphones  (iOS  and  Aiidroid). 
This  is  mobility’s  bard  place:  Smartphones  don't 
meet  enterprise  security  requirements. 

All  CIOs  today  find  themrelves  caught  between 

I  have  long  contended  that  the  best  cyberdefense 
begins  and  ends  with  an  educated  user,  aceder- 

infosec  can’t  fix  stupid,  it  can  play  a  major  role  in 
eradicating  ignorance.  At  a  recent  CISO  Summit, 

I  bumped  into  Wombat  Security  Technologies, 
a  company  founded  by  computer  science  bcuhy 
members  at  my  alma  mater,  Carnegie  Mellon 
University.  Wombat  ofiers  an  innovative  apprrrach 
to  getting  time-obsessed  executives  to  bet»  appre¬ 
ciate  the  impUcations  of  had  security  behavior. 

But  what  enterprises  teaOy  need  is  to  turn  mobil¬ 
ity’s  rock  and  hard  place  into  a  value  quarry.  To  do 
that,ITandthebusioesstogethertnustcreatehigb- 
vahie  mobile  capabilities  at  the  pace  of  business 
opportunity.  Tl^  is  not  as  impossible  as  it  seems, 
tfaou^  it  does  require  ending  the  occupational 
apartheid  that  characterizes  most  large  etrterprises 
today.  Professionals  who  know  everything  thm  is 
to  know  about  security,  technology  tieploytttent. 


mobile  app  development  and  the  future  needs  of 
future  customers  must  join  together  in  creativity¬ 
enhancing  ready  rooms.  There  they  must  conceptu- 
alize,  design  and  prototype  capabilities  designed  to 
delight  employees  and/or  customers. 

A  must-read  for  those  who  seek  to  understand 
and  benefit  from  the  mobile  phenomenon  is  Adam 
Greenfield's  2006  brxik,  Everywnre,  which  chal¬ 
lenged  the  historical  limits  of  ITs  purview  —  loca- 
tkms  inside  the  enterprise.  Greenfield,  who  went 
on  to  be  Nokia’s  head  of  design  direction  for  user 
interfiice  and  services,  said  that  in  the  future,  in¬ 
formation  will  be  delivered  in  a  marmer  appropri¬ 
ate  to  our  location  and  context  Every  enterprise  is 

tial  informated  work,  play  or  learning  space,  (bifor- 
malit^,  a  term  coined  in  1988  by  Harvard  Business 
School  professor  Shoshana  Zub^  is  the  process 
that  translates  descriptions  and  measurements  of 


make  this  possible  an 
not  just  a  geographical  concept.  It  has  a  temporal 
dimensioo  —  everywhen  —  as  well. 

In  Greenfield's  future,  we  will  t»  longer  append 


We  will  no  longer  hide  bad  thinking  and  speUing 
behind  “Sent  from  rrry  mobile  phone"  messages. 
If  you  ate  still  breathing,  you  will  be  expected 
to  conform  to  the  digital  mores  of  the  age.  The 


26 


MARKETPLACE 


Instantly  Search 
Terabytes  of  Text 


25+  fielded  and  full-text  search  types 
dtSearch's  own  document  filters  support  "Office,"  PDF, 
HTML,  XML,  ZIP,  emails  (with  nested  attachments),  and 
many  other  file  types 

Supports  databases  as  well  as  static  and  dynamic  websites 
above 

APIs  for  .NET,  Java,  C++,  SQL,  etc. 

64-bit  and  32-bif  Win  and  Linux 

Ask  about  fuHy-functiona!  evaluations 

www.dtSearch.com  i-soo-it-rnds 


27 


MARKETPLACE 


n  promo  code  DPCW  to  receive  free  shipping  on  your  environmental  monitors  and  sensors. 
Call  512  257-1462  or  order  online  at  itwatchdogs.com  •  salesia itwatchdogs.com 


pick  the  topics.  pick  the  sources.  pick  the  frequency. 

Build  your  own  newsletter  featuring  your  favorite  technology 
topics  cloud  computing,  application  development,  sectirity 
over  200  timely  topics,  from  more  than  700  trusted  sources. 


It's  free. 

www.techdispenser.com 


29 


Why /^ple  Made  OS  X  and 
Its  Office  Suite  Free 


Overthe 
pastoMile 
of  years. 
Anile  has 
gotten  ORier 
with  the 
enterprise. 


ScotFlwiais 

CompuienwrUirs 
editor  in  chief. 
You  can  contact 
himatsfinniee 
computen«ortd.coni 
and  follow  him  on 
twiner  OScolFinnie). 

32  CO.O.TE..O.I 


Tucked  in  among  Apple’s  hardware  debuts  last  month  was  the  an¬ 
nouncement  that  the  company  would  stop  charging  for  its  OS  X 
and  iWork  office-suite  software.  Why  is  Apple  willing  to  forgo  this 
small  revenue  stream?  How  might  it  affect  IT  buyers?  The  move  is 


an  interesting  one  on  several  (roots. 

The  first  thought  has  to  be  that  Apples  move  is 
an  outgrowth  o(  the  strong  trend  tovrard  free  soft¬ 
ware  in  the  burgeoning  mobile  market  —  after  all, 
iOS  has  been  free  for  a  long  time.  What’s  mote, 
Apple  idearly  wants  its  iWork  apps  for  both  OS  X 
and  iOS  to  be  in  one  code  base,  with  iderttical 
feature  sets.  That  lets  Apple  devote  fower  software 
et^neering  resources  to  the  iWotk  eflbrt. 

As  for  the  Mac  operating  system,  fiee  means 
foster  ttser  adoption,  which  in  turn  spirrs  app  devel¬ 
opment  for  the  newest  versions  of  die  softw^. 
According  to  Net  Applications,  tt%  of  all  Macs 
were  already  rrmning  OS  X  to.9  Mavericks  by  the 
end  of  October.  Cofitpulerworld’s  Gregg  Keizer  notes 
that  that’s  the  fastest  start  of  any  OS  X  upgrade. 

But  Apple  also  has  a  competitive  reason  for 
these  moves.  Specifically,  it  wants  to  keep  blowing 
Microsoft's  doors  off  on  mobile  market  share.  The 
maker  of  the  iPod,  iPhone,  iPad  and  Mac  is  tryir^ 
to  disrrrpt  Mkrosoft’s  business  model.  At  first, 

I  wasn’t  sure  this  was  really  happening,  but  the 
preponderance  of  evidence  shows  that  it  is. 

Apple  is  firaming  its  market  positfon  and  value 
proposition  for  both  i-rlevices  and  the  Mac  against 
thaw  of  Microsoft  and  Grxrgle.  Not  only  is  Apple 
not  going  to  lease  its  iWork  mobile  and  desktop 
suite  of  business  applications  for  $100  a  year,  it's 
offering  them  for  frw,  just  like  Google.  “Free" 
makes  the  iWotk  apps  more  attractive  than  they 
might  otherwise  be  in  a  comparison  with  Micro¬ 
soft’s  Office.  And  in  a  sidefry-side  comparison,  the 
erpially  free  Google  tfocs  apps  kxrk  like  toys. 

Of  course,  despite  my  hem  so  for  on  software. 


Apple  primarily  thinks  of  itself  as  a  hardware 
vendor.  And,  given  its  margins  on  hardware,  why 
shouldn’t  it?  So  why  did  Apple  also  annoimce 
price  cuts  on  some  of  its  most  popular  Mac  hard¬ 
ware  products?  Over  the  course  ^  20t3,  Apple  has 
reduced  the  average  selling  price  of  Mac  comput¬ 
ers  by  about  $150.  The  addition  of  free  business- 
oriented  software  heightens  the  perceived  value 
of  those  computers,  which  may  be  a  bid  toward 
increased  market  share. 

Over  the  past  couple  of  years,  Apple  has  gotten 
cozier  with  the  enterprise.  The  iPhone  and  the 
BYOD  movement  have  made  (or  a  rtruch  stronger 
Apple  presence  in  corporations.  But  the  total  cost 
of  ownership  (TCO)  has  remained  the  big  barrier 
to  enterprise  entry  for  the  Mac.  When  Apple 
simultaneously  lowers  hardware  prices,  bundles 
free  business  applications  and  oG^  free  OS 
updates,  the  result  is  decreased  TGO  for  the 
Macintosh  —  and  decreased  TCO  potentially 
makes  Macs  mote  attractive  to  IT  buyers. 

Still,  for  Apple  to  truly  benefit  from  its  decision 
to  eliminate  the  charge  for  iWork,  it  needs  its 

(unctionaiity  of  Office  365.  Instearl,  the  new  free 
OS  X  version  takes  a  serious  step  badr  because  of 
the  reduction  of  features  rerprired  to  sync  with  the 
iOS  iWotk  code  base.  Apple  needs  to  return  those 
features  to  users.  (Indeed,  the  comparty  recently 
announced  that  it  would  return  some  of  them.)  In 
particular.  Pages  needs  to  be  able  to  save  to  RTF 
fiirmat  Apple  does  have  an  honest  chance  to  gain 
a  foothold  in  office-suite  market  share.  Birt  sim¬ 
plicity  doesn’t  sell  with  this  type  of  software.  • 


